Time protection method and device
By using virtual timers in the AUTOSAR operating system to protect code segments in a Task by time, the resource overhead caused by adding new Tasks is solved, and flexible and efficient time management is achieved.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- YINWANG INTELLIGENT TECHNOLOGIES CO LTD
- Filing Date
- 2024-12-27
- Publication Date
- 2026-07-02
AI Technical Summary
The AUTOSAR operating system requires the creation of a new task for time protection when a task times out, which increases system resource overhead.
By using virtual timers in system tasks to protect code segments from time constraints, new tasks can be avoided, thereby reducing system overhead.
This achieves time protection for code segments in a Task without increasing system resources, thus avoiding timing scheduling problems and resource waste.
Smart Images

Figure CN2024143390_02072026_PF_FP_ABST
Abstract
Description
A time protection method and device Technical Field
[0001] This application relates to the field of computer technology, and in particular to a time protection method and apparatus. Background Technology
[0002] With the continuous development of automotive embedded software development processes, more and more automotive parts manufacturers and original equipment manufacturers (OEMs) are adopting the automotive open system architecture (AUTOSAR) for software development.
[0003] Currently, the AUTOSAR operating system protects task execution time. If a task times out, the corresponding time protection timer triggers a timeout interrupt, thus interrupting task execution and entering the timeout handling mechanism. For Runnable interfaces within a task, these interfaces are also encapsulated into a separate task for time protection. This design means that when a new task is added, the system needs to allocate new resources, increasing system overhead. Summary of the Invention
[0004] This application provides a method and apparatus for time protection, which can reduce system overhead.
[0005] Firstly, this application provides a time protection method, which can be executed by a time protection device or a component (such as a processor, processing unit, chip system, circuit, or chip) capable of supporting the time protection device in implementing the time protection method. Optionally, the time protection method provided in the embodiments of this application can also be implemented by a logic node, logic module, or software capable of implementing all or part of the functions of the time protection device. For example, the following describes the execution of the time protection method by a time protection device. The method mainly includes the following steps: determining a first virtual timer and a first duration; performing time protection on a first code segment corresponding to a system task using the first virtual timer according to the first duration; wherein the system task corresponds to multiple code segments, and the multiple code segments include the first code segment.
[0006] The above design uses a virtual timer to protect the time of certain code within system tasks, without requiring additional tasks or new resources, thus reducing system overhead.
[0007] In one possible design, the step of protecting the first code segment corresponding to the system task through the first virtual timer according to the first duration includes: calling the startup function corresponding to the first virtual timer to start the time protection of the first code segment; executing the first code segment, and interrupting the execution of the first code segment when the execution time of the first code segment exceeds the first duration.
[0008] The above design provides application programming interface (API) scheduling to protect the time of code segments in the task and configures a time budget (first duration) for the code segment, which makes it easier to accurately determine whether the execution of the code segment has timed out.
[0009] In one possible design, when the startup function corresponding to the first virtual timer is called, the return value of the startup function corresponds to the second state information of the first virtual timer, and the second state information indicates that time protection for the first code segment is initiated. In another possible design, after the execution of the first code segment is interrupted, the method further includes: determining that the return value of the startup function corresponds to the first state information of the first virtual timer, and the first state information indicates that the execution time of the first code segment has timed out.
[0010] In the above design, after the code segment execution times out and is interrupted, the state of the virtual timer is adjusted to update the return value of the startup function. This can improve the execution logic of the startup function, avoid errors in the entire task execution, and facilitate the normal execution of subsequent code in the task.
[0011] In one possible design, the method further includes: inputting the first duration to a hardware clock timer associated with the first virtual timer; and determining, upon receiving a first instruction output by the hardware clock timer, that the execution time of the first code segment exceeds the first duration.
[0012] The above design uses hardware interrupts to handle timeout code segments, releasing the CPU resources occupied by the execution of the timeout code segments and reducing CPU resource waste.
[0013] In one possible design, the step of protecting the first code segment corresponding to the system task through the first virtual timer according to the first duration includes: calling the start function corresponding to the first virtual timer to start the time protection of the first code segment; executing the first code segment and when the execution time of the first code segment is less than the first duration, calling the stop function corresponding to the first virtual timer to stop the time protection of the first code segment.
[0014] This design calls the API to stop the execution of the code segment early after it is completed, which improves the execution efficiency of subsequent code and reduces the waste of CPU resources.
[0015] In one possible design, the method further includes: obtaining a second duration; and, based on the second duration, performing time protection on the second code segment corresponding to the system task using the first virtual timer; wherein the execution of the second code segment is later than the execution of the first code segment.
[0016] Optionally, the step of protecting the second code segment corresponding to the system task by means of the first virtual timer according to the second duration includes: calling the start function corresponding to the first virtual timer to start the time protection of the second code segment; executing the second code segment, and interrupting the execution of the second code segment when the execution time of the second code segment exceeds the second duration; or, when the second code segment is executed and the execution time of the second code segment is less than the second duration, calling the stop function corresponding to the first virtual timer to stop the time protection of the second code segment.
[0017] This design uses only one virtual machine and time-sharing protection for different code segments, which simplifies the virtual machine configuration process and reduces the resource overhead of virtual machine configuration.
[0018] In one possible design, the method further includes: determining a second virtual timer and a third duration; and, based on the third duration, performing time protection on a third code segment corresponding to the system task through the second virtual timer.
[0019] This design configures multiple virtualizers, which can be used to perform time protection on multiple code segments in parallel, making the solution more flexible.
[0020] In one possible design, when the start execution times of the first code segment and the second code segment are the same, the method further includes: inputting a first duration to a hardware clock timer; wherein the hardware clock timer is associated with the first virtual timer and the second virtual timer, and the first duration is less than the third duration; upon receiving a first instruction output by the hardware clock timer, inputting the duration difference between the third duration and the first duration to the hardware clock timer; wherein the first instruction indicates that the execution time of the first code segment exceeds the first duration. This design ensures the normal operation of the hardware clock timer, thereby guaranteeing that time protection for the code segments can be implemented in parallel.
[0021] In one possible design, the method further includes: determining configuration information of a third virtual timer and a fourth duration; and, based on the fourth duration, performing time protection on a fourth code segment and a first code segment corresponding to the system task through the third virtual timer; wherein the fourth duration is longer than the first duration.
[0022] Optionally, the step of performing time protection on the fourth code segment and the first code segment corresponding to the system task through the third virtual timer according to the fourth duration includes: calling the start function corresponding to the third virtual timer to start time protection for the fourth code segment and the first code segment; calling the start function corresponding to the first virtual timer to start time protection for the first code segment; executing the first code segment, and interrupting the execution of the first code segment when the execution time of the first code segment exceeds the first duration; executing the fourth code segment, and calling the stop function corresponding to the third virtual timer to stop time protection for the fourth code segment when the execution time of the fourth code segment is less than the duration difference between the fourth duration and the first duration.
[0023] In this design, additional virtual timers are configured for a portion of the code segment protected by a virtual timer, enabling nested application of virtual timers and making the solution more flexible.
[0024] In one possible design, the method is applied to the AUTOSAR open system architecture for automobiles.
[0025] Secondly, this application provides a time protection device that has the function of implementing the behavior in the method and design described in the first aspect above. The function can be implemented by hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above-described function. In one possible implementation, the time protection device includes a determining module, a time protection module, and a transceiver module. Optionally, the transceiver module can also be described as an input / output module, a communication module, or other names. The transceiver module includes a receiving unit and a transmitting unit; the receiving unit is used to receive information from other devices, and the transmitting unit is used to send information to other devices. The input / output module includes an input unit and an output unit; the input unit is used to receive information output by other devices, and the output unit is used to output information to other devices or, in other words, to input information to other devices. The following example, using a time protection device including a determining module, a time protection module, and a transceiver module, illustrates the functional implementation and design of the time protection device.
[0026] The determination module is used to determine the first virtual timer and the first duration;
[0027] A time protection module is used to perform time protection on a first code segment corresponding to a system task using a first virtual timer based on the first duration; wherein, the system task corresponds to multiple code segments, and the multiple code segments include the first code segment.
[0028] In one possible design, the time protection module is specifically used to: call the startup function corresponding to the first virtual timer to start time protection for the first code segment; execute the first code segment, and interrupt the execution of the first code segment when the execution time of the first code segment exceeds the first duration.
[0029] In one possible design, the determining module is further configured to: after the time protection module interrupts the execution of the first code segment, determine the first status information of the first virtual timer corresponding to the return value of the start function, wherein the first status information indicates that the execution time of the first code segment has timed out.
[0030] In one possible design, a transceiver module is also included; wherein the transceiver module is configured to input the first duration to the hardware clock timer associated with the first virtual timer, and to receive the first instruction output by the hardware clock timer; the determining module is further configured to determine that the execution time of the first code segment exceeds the first duration.
[0031] In one possible design, the start function corresponding to the first virtual timer is called to initiate time protection for the first code segment; when the execution time of the first code segment is less than the first duration, the stop function corresponding to the first virtual timer is called to stop time protection for the first code segment.
[0032] In one possible design, the determining module is further configured to: when the time protection module calls the start function corresponding to the first virtual timer, determine the second status information of the first virtual timer corresponding to the return value of the start function, wherein the second status information indicates the start of time protection for the first code segment.
[0033] In one possible design, the determining module is further configured to acquire a second duration; the time protection module is further configured to perform time protection on the second code segment corresponding to the system task based on the second duration using the first virtual timer; wherein the execution of the second code segment is later than the execution of the first code segment.
[0034] In one possible design, the time protection module is specifically used to: call the start function corresponding to the first virtual timer to start time protection for the second code segment; execute the second code segment, and interrupt the execution of the second code segment when the execution time of the second code segment exceeds the second duration; or, when the second code segment is executed and the execution time of the second code segment is less than the second duration, call the stop function corresponding to the first virtual timer to stop time protection for the second code segment.
[0035] In one possible design, the determining module is further configured to determine a second virtual timer and a third duration; the time protection module is further configured to perform time protection on the third code segment corresponding to the system task through the second virtual timer according to the third duration.
[0036] In one possible design, when the start execution times of the first code segment and the second code segment are the same, the transceiver module is further configured to: input the first duration to a hardware clock timer; wherein the hardware clock timer is associated with the first virtual timer and the second virtual timer, and the first duration is less than the third duration; upon receiving a first instruction output by the hardware clock timer, input the duration difference between the third duration and the first duration to the hardware clock timer; wherein the first instruction indicates that the execution time of the first code segment exceeds the first duration.
[0037] In one possible design, the determining module is further configured to determine the configuration information of the third virtual timer and the fourth duration; the time protection module is further configured to perform time protection on the fourth code segment and the first code segment corresponding to the system task through the third virtual timer according to the fourth duration; wherein the fourth duration is longer than the first duration.
[0038] In one possible design, the time protection module is specifically configured to: call the startup function corresponding to the third virtual timer to initiate time protection for the fourth code segment and the first code segment; call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; execute the first code segment, and interrupt the execution of the first code segment when the execution time of the first code segment exceeds the first duration; execute the fourth code segment, and when the execution time of the fourth code segment is less than the duration difference between the fourth duration and the first duration, call the stop function corresponding to the third virtual timer to stop the time protection for the fourth code segment.
[0039] In one possible design, the device is applied to the AUTOSAR open system architecture for automobiles.
[0040] Thirdly, embodiments of this application provide a computer device, including a processing unit and a storage unit, wherein the storage unit stores executable code, and when the processing unit executes the executable code, it implements the method as described in the first aspect or any possible design in the first aspect.
[0041] Fourthly, embodiments of this application provide a computer storage medium, including a processor and a memory, wherein executable code is stored in the memory, and when the processor executes the executable code, it implements the method as described in the first aspect or any possible design in the first aspect.
[0042] Fifthly, embodiments of this application provide a chip coupled to a memory for executing a program stored in the memory to implement the method in the first aspect or any possible design in the first aspect.
[0043] Sixthly, embodiments of this application provide a program product by which a computer device, by running the program product, implements the method as described in the first aspect or any possible design in the first aspect.
[0044] In a seventh aspect, embodiments of this application provide a vehicle that includes the means described in the second aspect or any possible design in the second aspect.
[0045] For the technical effects that can be achieved by the second to seventh aspects mentioned above, please refer to the description of the technical effects that can be achieved by the first aspect or the corresponding possible design scheme in the first aspect. This application will not repeat them here. Attached Figure Description
[0046] Figure 1 is a schematic diagram of a system architecture in the AUTOSAR standard provided in an embodiment of this application;
[0047] Figure 2 is a schematic diagram of a time protection process for a task;
[0048] Figure 3A is one of the configuration diagrams of an OS object provided in an embodiment of this application;
[0049] Figure 3B is one of the configuration diagrams of an OS object provided in an embodiment of this application;
[0050] Figure 4 is a flowchart illustrating one of the time protection methods provided in this application.
[0051] Figure 5 is a schematic diagram of the process of calling the OS object provided in an embodiment of this application;
[0052] Figure 6A is a flowchart illustrating a code logic implementation provided in an embodiment of this application;
[0053] Figure 6B is a flowchart illustrating a code logic implementation provided in an embodiment of this application;
[0054] Figure 7 is a flowchart illustrating one of the time protection methods provided in this application.
[0055] Figure 8 is a flowchart illustrating one of the time protection methods provided in this application embodiment;
[0056] Figure 9 is one of the configuration diagrams of an OS object provided in an embodiment of this application;
[0057] Figure 10 is a schematic diagram of the time protection device provided in an embodiment of this application;
[0058] Figure 11 is a schematic diagram of the structure of a computer device provided in an embodiment of this application. Detailed Implementation
[0059] To make the objectives, technical solutions, and advantages of this application clearer, the application will now be described in further detail with reference to the accompanying drawings.
[0060] The term "at least one" as used in this application refers to one or more items. "More than one item" means two or more items. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A alone, A and B simultaneously, or B alone. The character " / " generally indicates that the preceding and following related objects have an "or" relationship. Furthermore, it should be understood that although the terms "first," "second," etc., may be used in this application to describe various objects, these objects should not be limited to these terms. These terms are only used to distinguish the objects from each other.
[0061] The terms "comprising" and "having," and any variations thereof, used in this application as described below, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or apparatus that includes a series of steps or units is not limited to the listed steps or units, but may optionally include other steps or units not listed, or optionally include other steps or units inherent to such processes, methods, products, or apparatus. It should be noted that in this application, words such as "exemplary" or "for example" are used to indicate illustrative, exemplary, or descriptive purposes. Any method or design described as "exemplary" or "for example" in this application should not be construed as being more preferred or advantageous than other methods or designs. Specifically, the use of words such as "exemplary" or "for example" is intended to present the relevant concepts in a concrete manner.
[0062] The following explanations cover some of the terms used in the embodiments of this application. It should be noted that these explanations are for the convenience of those skilled in the art and do not constitute a limitation on the scope of protection claimed in this application.
[0063] (1) AUTOSAR Standard
[0064] The AUTOSAR standard is a general-purpose layered software framework designed for application development in the automotive electronics field. It provides standard application programming interfaces (APIs) for various functional components, enabling the rapid integration of traditionally dispersed parts into a unified system architecture. As shown in Figure 1, in the AUTOSAR standard, the automotive electronics software architecture consists of a basic software (BSW) layer, a runtime environment (RTE), and an application software (ASW) layer. The AUTOSAR standard is typically provided in the form of documents, models, or templates. In this embodiment, the AUTOSAR standard is provided in the form of a template.
[0065] The application software layer is the top layer of the automotive electronic software architecture. It contains multiple software components (SWCs). A software component is a module that encapsulates some or all of the automotive electronic functions. Each software component (SWC) includes its specific functional implementation and corresponding description. The description of the software component records its attributes, including the ports used, port interfaces, runnable entities, and the corresponding RTE events of the runnable entities, provided in XML (eXtensible markup language) file format. The functional implementation of a software component relies on the cooperation between runnable entities and their corresponding events. A software component contains one or more runnable entities. A runnable entity is a piece of program code used to implement a simple algorithm or a specific function.
[0066] The runtime environment is the middle layer of the automotive electronic software architecture. It provides runtime components for applications in the application software layer, such as process time-slice scheduling and data exchange between application layer modules and between the application layer and the underlying software layer. The runtime environment decouples the application software layer from the underlying software layer, thereby enabling application software to be reused. The runtime environment includes multiple Real-Time Events (RTEs) used to trigger runnable entities.
[0067] The foundational software layer is the lowest layer of the automotive electronic software architecture. It includes the microcontroller abstraction layer (MCAL), the electronic control unit abstraction layer (ECUAL), the services layer, and complex device drivers (CDD). The foundational software layer consists of driver software directly related to the hardware, such as operations on memory, communication registers, and I / O ports. The ECU abstraction layer unifies the basic functions and interfaces of the controller, such as parsing CAN message content, forwarding gateway messages, and controlling memory read / write processes. The services layer provides various background services to the application software layer, such as network management, memory management, bus communication management services, and the operating system. The complex device drivers (CDD) provide users with the possibility of writing their own custom device driver software. Here, the operating system (OS) comprises multiple tasks. As the basic unit of operating system scheduling, a task not only provides runnable entities with common resources such as context and stack space but also sets execution priorities. The specific execution function of a task is determined by the runnable entity mapped to that task. Therefore, one or more closely related executable entities are often mapped to a single task.
[0068] (2) Context:
[0069] In computing, context typically refers to the environment in which a program or process executes, including all relevant variables and data. For a process, context includes register variables, files opened by the process, and memory information; for a thread, context includes registers and the thread stack; and for the central processing unit (CPU), context includes operand registers, stack registers, and status registers. Context contains all the information needed for program execution and is crucial for its correct execution. If the context is corrupted or lost during program execution, it may lead to program crashes or exceptions.
[0070] In computer programming, context encompasses the environment and state information of a program's execution, helping the program manage its state, control flow, and execution process. For example, a context switch is an event that occurs when the operating system manages processes and threads in a multitasking environment. It involves saving the state (i.e., context) of the current task for later restoration and transferring control to the next task. This process includes saving the register contents and program counter of the current task in the process control block, restoring the context of the next task, and continuing execution from the position pointed to by the program counter of the next task.
[0071] Currently, users (such as application developers) configure the Task execution time budget (TaskExecutionBudget, or OsTaskExecutionBudget) to define the CPU time budget for Task execution. The CPU time occupied by a Task refers to the time the Task uses the CPU while in a running state, excluding time spent relinquishing CPU due to interruption or preemption. While a Task is using the CPU, its corresponding time-protection timer will run, and its counter will automatically increment. If a Task relinquishes the CPU, its time-protection timer will be paused, and the user will relinquish control of the timer. When the Task regains CPU access, its time-protection timer will resume its execution context and continue counting.
[0072] If the CPU time consumed by a task exceeds the user-configured TaskExecutionBudget, a time protection mechanism will be triggered. This mechanism can be understood as follows: First, the Autosar OS configures a corresponding control block, TaskExecutionBudgetCB, for TaskExecutionBudget, which is a part of the Task Control Block. TaskExecutionBudgetCB records the CPU clock of tasks that have timed out. Tasks are started via the internal interface startBudget, which converts the task's CPU clock to the system clock to set the time protection hardware timer. Tasks are stopped (or terminated) via the internal interface stopBudget, which stops the time protection timer. If a task times out, the corresponding time protection timer triggers a timeout interrupt, interrupting the task's execution and initiating the timeout handling mechanism. The timeout protection mechanism can call the user's callback function. In the callback function, the user can customize the handling strategy for this timeout event, including terminating the task, shutting down the OS, or ignoring it.
[0073] Currently, the Autosar OS lacks a separate implementation for time protection of Runnables within Tasks. A Runnable is a function called by a Task, essentially part of the Task's execution code. In this embodiment, RE is short for Runnable. Autosar RTE's implementation of Runnable time protection relies on the OS's ability to protect Task time. If the RTE needs to protect a Runnable to prevent it from timing out, it needs to map that Runnable to a specific Task and set time protection for that Task. For example, to implement time protection for RE2 in Task A, Task A needs to be split into Task A and Task B. As illustrated in Figure 2, after the split, RE2 no longer runs in Task A, but runs in Task B, and time protection is implemented in Task B.
[0074] The above design, which uses the method of adding a new Task to protect the Runnable from time-related issues, will affect the Runnable's business execution environment, such as the execution context and stack state. For example, in Figure 2, RE2 executes in Task A before the time protection is applied, and RE2's priority is the same as Task A's priority. After the time protection of RE2 is applied, RE2 needs to execute in Task B. Task B needs to preempt the CPU, and Task B's priority is higher than Task A's priority. This changes the runtime environment of RE2, leading to potential timing and scheduling problems. Moreover, because a new Task B needs to be added, the system needs to allocate new resources for the new Task B (such as the core data structure (task control block, TCB) and stack space), which will also increase the system overhead.
[0075] In view of this, this application provides a time protection method that implements time protection for a portion of the code in a Task, which can avoid timing scheduling problems and reduce system overhead.
[0076] In one possible implementation, the OS can add a new OS object, OsBudget. OsBudget can be understood as a virtual timer, used for time protection of code segments (such as Runnables) within a task. The OS configuration tool can generate one or more OsBudgets, each with a unique identifier, which can be described as an OsBudget ID. For example, Figure 3A illustrates configuring OsBudget for Task A, which can be implemented as follows: Configure OsBudgets under the task time protection (OsTaskTimingProtection) node corresponding to Task A in the OsTasks displayed in the user interface. OsBudgets can include one or more OsBudgets. Taking two OsBudgets as an example, the identifiers of the two OsBudgets are Budget1 and Budget2.
[0077] Each OsBudget of a Task corresponds to a control block OsBudgetCB. OsBudgetCB stores the context, the state of the OsBudget, and the timeout (or time budget). The context indicates the environment in which the program executes, mainly including the stack register and return register. The OsBudget state includes running, paused, stopped, and timeout. The OS configuration tool can add an OsBudgetCB array to the Task Control Block based on the Task's OsBudgets; this array will be referred to as OsBudgetCBArray below. As shown in Figure 3B, the Task control block points to the OsBudgetCBArray, which includes the original TaskExecutionBudgetCB and one or more OsBudgetCBs configured above. Figure 3B illustrates OsBudget1CB, OsBudget2CB…OsBudgetNCB. Optionally, the OsBudget ID can be used as an index to the OsBudgetCBArray, allowing the OS to correctly locate the OsBudget's control block.
[0078] The OS provides a set of APIs. For any OsBudget of a Task, the OS can obtain and manipulate the OsBudget through these APIs to implement time protection for code segments within the Task. For example, the OS provides the start function StartOsBudget, which is used to initiate time protection for code segments within the Task using OsBudget. Similarly, the OS provides the stop function StopOsBudget, which is used to stop time protection for code segments within the Task using OsBudget. The input parameters for StartOsBudget and StopOsBudget include the OsBudget ID; the optional input parameter for StartOsBudget can also include a time budget.
[0079] Each CPU in the system corresponds to a hardware clock timer. Any virtual timer OsBudget used for time protection of code segments within a Task requires reusing this hardware clock timer. When multiple OsBudgets are running, the OS selects the OsBudget with the shortest timeout and reads the timeout from the corresponding OsBudgetCB, setting it to the hardware clock timer.
[0080] The implementation process of the time protection method is illustrated below with an example.
[0081] As shown in Figure 4, the time protection method provided in this application embodiment can be executed by an OS or the processor corresponding to the OS. The method mainly includes the following steps.
[0082] S401, determine the first virtual timer and the first duration.
[0083] The first duration can be understood as the time budget of the first virtual timer, for example, the first duration is 100 ticks or 100 microseconds. Based on the description in the above implementation, the CPU can determine the first virtual timer from the OsBudgets generated by the OS configuration tool, such as the OsBudget identified as Budget1.
[0084] S402, based on the first duration, the first code segment corresponding to the system task is protected by the first virtual timer.
[0085] In this embodiment, the system task (i.e., the aforementioned Task) corresponds to multiple code segments. These code segments can be Runnable, a single line of code, or multiple consecutive lines of code. The multiple code segments include the first code segment.
[0086] To implement time protection for the first code segment of a system task, the API corresponding to the first virtual timer can be added before and after the execution statements of the first code segment. For example, a start function for the first virtual timer can be added before the execution statements of the first code segment. The input parameters of this start function include the identifier and duration of the first virtual timer; this start function is used to initiate time protection for the first code segment. Alternatively, a stop function for the first virtual timer can be added after the execution statements of the first code segment. The input parameters of this stop function include the identifier of the first virtual timer; this stop function is used to deactivate time protection for the first code segment.
[0087] For example, for system tasks with strict latency requirements that must complete the execution of relevant code within a limited time, time protection can be implemented for the first code segment corresponding to the system task in this embodiment of the application. For instance, if the first code segment in the system task includes reading data from a peripheral device, and the peripheral device malfunctions or fails to read the expected data value, the running entity corresponding to the first code segment may experience excessive waiting time, affecting the operation of other programs. In this case, time protection of the first code segment can promptly terminate the operation of the running entity or the first code segment. As another example, if the first code segment in the system task includes a loop call, and the loop call times out, a time protection scheme for the first code segment can also be used to promptly terminate the operation of the running entity or the first code segment. Furthermore, the first code segment can be code associated with in-vehicle functional safety applications. Examples of in-vehicle functional safety applications include applications with ASIL D safety level requirements such as airbags, anti-lock braking systems, and power steering systems. By implementing time protection for the code associated with in-vehicle functional safety applications, the normal operation of these applications can be ensured. ASIL D refers to the highest safety requirement level in the automotive safety integrity level (ASIL).
[0088] Taking system task A, which includes RE1, RE2, and RE3, as an example, and considering time protection for code segment RE2 within Task A, as shown in Figure 5, a start function StartOsBudget is added before RE2, and a stop function StopOsBudget is added before RE2. Correspondingly, a possible code description example is as follows:
[0089] Similarly, taking the example of implementing time protection for multiple lines of code in TaskA individually, a possible code description is as follows:
[0090] Accordingly, the code execution logic can be understood by referring to the following two possible implementations:
[0091] In one possible implementation, the OS obtains computer programs or instructions input by the user and executes the following operations in sequence:
[0092] A1 calls the start function of the first virtual timer, initiating time protection for the first code segment.
[0093] Taking time protection for RE2 in TaskA as an example, the startup function of the first virtual timer is "StartOsBudget(Budget1,100)". When the startup function corresponding to the first virtual timer is called, the OS sets the state of the control block OsBudgetCB corresponding to the first virtual timer (Budget1) to the second state information. The second state information indicates that time protection for the first code segment is started, which can be understood as running. The return value of the startup function corresponds to this second state information. For example, the return value of the startup function is the second value, which can also be described as E_OK or other names. Based on this, if the condition (StartOsBudget(Budget1,100) == E_OK) is met when calling the startup function corresponding to the first virtual timer, then the first code segment (i.e., RE2) can continue to be executed.
[0094] Furthermore, initiating time protection for the first code segment can also be understood as initiating the first timer virtualizer. The OS inputs a first duration to the hardware clock timer associated with the first virtual timer. When the startup function of the first virtual timer is called, the hardware clock timer associated with the first timer virtualizer begins timing the CPU time occupied by the first code segment, thereby initiating time protection for the first code segment.
[0095] A2 executes the first code segment, and interrupts the execution of the first code segment when the execution time of the first code segment exceeds the first duration.
[0096] The execution time of the first code segment can be understood as the CPU time occupied by the first code segment. If the execution time of the first code segment exceeds the first duration, the first virtual timer will trigger a time-protected hardware interrupt to interrupt the execution of the first code segment. That is, the hardware clock timer associated with the first virtual timer will trigger the OS to interrupt the execution of the first code segment. For example, when the OS receives the first instruction output by the hardware clock timer, it can determine that the execution time of the first code segment exceeds the first duration, and thus interrupt the execution of the first code segment.
[0097] Furthermore, after interrupting the execution of the first code segment, the OS can also set the state of the control block OsBudgetCB corresponding to the first virtual timer (Budget1) to the first state information. The first state information indicates that the execution time of the first code segment has timed out. It can be understood that the first state information is timeout. Then, it is determined that the return value of the startup function corresponds to the first state information. For example, if the return value of the startup function is the first value, the first value corresponds to the first state information of the first virtual timer. The first value can also be replaced by the description E_TIMEOUT or other names. Based on this, after the OS interrupts the execution of the first code segment, it executes StartOsBudget a second time based on the return value of the startup function. However, at this time, the return value of the StartOsBudget function has been updated to E_TIMEOUT, which does not satisfy the condition: (StartOsBudget(Budget1,100)==E_OK). Therefore, the execution branch of RE2 is skipped, that is, the code of RE2 is no longer run, and the code of RE3 is run instead. It can be understood that in this embodiment of the application, StartOsBudget can achieve one call and two returns. The first execution of StartOsBudget saves the current running context in OSBudgetCB, which can be used to return E_TIMEOUT when the timeout occurs.
[0098] Optionally, the OS can interrupt the execution of the first code segment via an interrupt service routine (ISR). In this embodiment, the ISR called can also be defined as a Timing Protection ISR. The OS can, according to the handling strategy after code interruption, set the CPU register after the ISR returns to correspond to the return register in the context saved in OsBudgetCB, and save the return address of the StartOsBudget function in this return register. This allows the StartOsBudget function to be re-executed after the ISR returns. As described above, the return value of the StartOsBudget function has been updated to E_TIMEOUT, which does not satisfy the condition: (StartOsBudget(Budget1,100)==E_OK). Therefore, the execution branch of RE2 is skipped, meaning the code of RE2 is no longer executed, and instead, the code of RE3 is executed.
[0099] For ease of understanding, corresponding to the example of time protection for RE2 in TaskA alone, Figure 6A illustrates a code execution flowchart of the above implementation. After executing RE1 in TaskA, StartOsBudget is called. The background operations of StartOsBudget include: setting the state of OsBudget to running, setting the stack register in the context saved by OsBudget to provide the execution environment for RE2, and saving the return address of the StartOsBudget function in the return register. Corresponding to the state of OsBudget being running, the first return value of StartOsBudget is E_OK, causing the judgment statement "Is the return value of StartOsBudget E_OK?" under StartOsBudget to be executed, and the result is "yes"; then RE2 (or the code that runs RE2) is executed. Furthermore, when the execution time of RE2 exceeds the corresponding time budget, a time-protected hardware interrupt is triggered, calling the time-protected ISR interrupt to execute RE2. After the execution of RE2 by calling the time-protected ISR interrupt, the status of OsBudget is updated to timeout. The CPU register after the ISR returns is set to the return register in OsBudgetCB, so that the StartOsBudget function is re-executed after the ISR returns. Then, corresponding to the case where the status of OsBudget is timeout, the second return value of StartOsBudget is set to E_TIMEOUT. This makes the judgment statement "Is the return value of StartOsBudget E_OK" under the StartOsBudget function executed again, and the result is "No". Therefore, RE2 is skipped and RE3 is executed instead.
[0100] In another possible implementation, the CPU obtains information from the user via computer programs or instructions and executes the following operations in sequence:
[0101] B1 calls the start function of the first virtual timer, initiating time protection for the first code segment.
[0102] This step can be understood with reference to the aforementioned step A1, and will not be described in detail in this embodiment.
[0103] B2, if the execution time of the first code segment is less than the first duration, then the stop function corresponding to the first virtual timer is called to stop the time protection of the first code segment.
[0104] The execution time of the first code segment can be understood as the CPU time occupied by the first code segment. If the CPU time occupied by the first code segment falls within the first duration, it can be understood that the execution time of the first code segment is less than the first duration. Taking time protection of RE2 in TaskA as an example, the stop function of the first virtual timer, "StopOsBudget(Budget1)", is called to set the state of the virtual timer identified by Budget1 to stop, thereby stopping the time protection of the first code segment. Optionally, after setting the state of the virtual timer identified by Budget1 to stop, the timing of the hardware clock timer can be set according to other virtual timers with a running state. If there are no other virtual timers with a running state, the hardware clock timer is turned off.
[0105] For ease of understanding, corresponding to the example of time protection for RE2 in TaskA alone, Figure 6B illustrates a code execution flowchart of the above implementation. After executing RE1 in TaskA, StartOsBudget is called. The background operations of StartOsBudget include: setting the state of OsBudget to running, setting the stack register in the context saved by OsBudget to provide the execution environment for RE2, and saving the return address of the StartOsBudget function in the return register. Corresponding to the state of OsBudget being running, the first return value of StartOsBudget is E_OK, causing the CPU to execute the judgment statement "Is the return value of StartOsBudget E_OK?" under StartOsBudget, obtaining a "yes" result; then RE2 (or the code running RE2) is executed; since the execution time of RE2 is less than the first duration, StopOsBudget is called; and RE3 continues to be executed.
[0106] Optionally, the first virtual timer can also be used for time protection of a second code segment following the first code segment in a system task. Optionally, the time budget for time protection of the second code segment may be the same as or different from the time budget for time protection of the first code segment. In addition to performing time protection of the first code segment, the following steps may also be performed:
[0107] S403, obtain the second duration.
[0108] The second duration indicates the time budget for time protection of the second code segment. The second duration may be the same as or different from the first duration described in S401. This step can be performed simultaneously with S401, or after S401 or S402, and the embodiments of this application do not limit this.
[0109] S404, based on the second duration, the second code segment is time-protected by the first virtualizer.
[0110] It is understandable that the execution time of the second code segment is later than that of the first code segment, and the CPU executes S404 after executing S402.
[0111] To implement time protection for the second code segment of a system task, the API corresponding to the first virtual timer can be added before and after the execution statements of the second code segment. For example, a start function for the first virtual timer can be added before the execution statements of the second code segment. The input parameters of this start function include the identifier of the first virtual timer and its second duration; this start function is used to initiate time protection for the second code segment. Alternatively, a stop function for the first virtual timer can be added after the execution statements of the second code segment. The input parameters of this stop function include the identifier of the first virtual timer; this stop function is used to deactivate time protection for the second code segment.
[0112] Taking TaskA, which includes RE1, RE2, and RE3, as an example, RE2 and RE3 in TaskA are time-protected using OsBudget, which is identified as Budget1. The first duration is 100 microseconds, and the second duration is 50 microseconds. A possible code description example is as follows:
[0113] The code execution logic for time protection of RE2 and RE3 can be understood with reference to the two implementations under S404, which will not be elaborated in this embodiment.
[0114] As shown in Figure 7, the time protection method provided in this application embodiment can be executed by an OS or the processor corresponding to the OS. The method mainly includes the following steps.
[0115] S701, determine the first virtual timer and the first duration, as well as the second virtual timer and the third duration.
[0116] S702, based on the first duration, performs time protection on the first code segment corresponding to the system task through the first virtual timer.
[0117] This step can be understood by referring to the description in S402, and will not be repeated in this embodiment.
[0118] S703, based on the third duration, uses a second virtual timer to perform time protection on the third code segment corresponding to the system task.
[0119] This step can also be understood with reference to the description in S402, and will not be repeated in this embodiment.
[0120] Taking Task A, which includes RE1, RE2, and RE3, as an example, RE2 in Task A is time-protected using OsBudget identified as Budget1, with a first duration of 100 microseconds; RE3 in Task A is time-protected using OsBudget identified as Budget2, with a third duration of 50 microseconds. An example of a possible code description is as follows:
[0121] In one possible implementation, the first and second code segments start execution at the same time, and S702 and S704 execute in parallel. The first virtual timer corresponding to the first code segment and the second virtual timer corresponding to the second code segment start at the same time. This means that the first and third virtual timers are running simultaneously. If the first and third virtual timers are associated with the same hardware clock timer, the OS can first input the smaller of the first and third durations, such as the first duration, to the hardware clock timer; start timing; and when the duration reaches the first duration, input the duration difference between the first and third durations again to the hardware clock timer to continue timing.
[0122] As shown in Figure 8, the time protection method provided in this application embodiment can be executed by an OS or the processor corresponding to the OS. The method mainly includes the following steps.
[0123] S801, determine the first virtual timer and the first duration, as well as the third virtual timer and the fourth duration.
[0124] The fourth duration indicates the time budget for time protection of the first and fourth code segments, the first duration indicates the time budget for time protection of the first code segment, and the fourth duration is longer than the first duration.
[0125] S802, according to the fourth duration, the fourth code segment and the first code segment corresponding to the system task are time-protected by the third virtual timer.
[0126] To implement time protection for the first and fourth code segments of a system task, the API corresponding to the first virtual timer can be added before and after the execution statements of the first and fourth code segments, respectively. For example, a startup function for the third virtual timer can be added before the execution statements of the first code segment. The input parameters of this startup function include the identifier of the third virtual timer and its duration; this startup function is used to initiate time protection for the first and fourth code segments. Alternatively, a stop function for the third virtual timer can be added after the execution statements of the fourth code segment. The input parameters of this stop function include the identifier of the third virtual timer; this stop function is used to deactivate time protection for the first and fourth code segments.
[0127] S803, based on the first duration, the first code segment corresponding to the system task is time-protected by the first virtual timer.
[0128] To implement time protection for the first code segment of a system task, the API corresponding to the first virtual timer can be added before and after the execution statements of the first code segment. For example, a start function for the first virtual timer can be added before the execution statements of the first code segment. The input parameters of this start function include the identifier and duration of the first virtual timer; this start function is used to initiate time protection for the first code segment. Alternatively, a stop function for the first virtual timer can be added after the execution statements of the first code segment. The input parameters of this stop function include the identifier of the first virtual timer; this stop function is used to deactivate time protection for the first code segment.
[0129] Taking Task A, which includes RE1, RE2, and RE3, as an example, RE2 and RE3 in Task A are time-protected through OsBudget identified as Budget2, with a fourth duration of 150 microseconds; RE2 in Task A is time-protected separately through OsBudget identified as Budget1, with a first duration of 100 microseconds. An example of a possible code description is as follows:
[0130] The code execution logic for time protection of RE2 can be understood with reference to the two implementations under S404. The time budget for time protection of RE3 can be understood as the time difference between the first duration and the fourth duration. The code execution logic for time protection of RE2 and RE3 can also be understood with reference to the two implementations under S404. This application embodiment will not elaborate on this.
[0131] In another possible implementation, the OS builds a built-in OS object for each Task to protect the time of the Runnables within the Task. This OS object can be understood as a virtual timer, denoted as OsRunnableBudget. The OS provides a set of APIs that can retrieve and manipulate the built-in OsRunnableBudget based on the current Task, thereby implementing time protection for the Runnables within the Task through OsRunnableBudget. For example, the OS provides a start function StartOsRunnableBudget to start time protection for the Runnables in the Task using OsRunnableBudget. The input parameters of StartOsRunnableBudget include the time budget for time protection. The OS also provides a stop function StopROsRunnableBudget to stop time protection for the Runnables in the Task through OsRunnableBudget.
[0132] Accordingly, the OS also configures a corresponding control block, OsRunnableBudgetCB, for the built-in OsRunnableBudget of the Task. As shown in Figure 9, the OS configures TaskExecutionBudgetCB and adds OsRunnableBudgetCB in the Task Control Block. Among them, OsRunnableBudgetCB is used to store the context, the state of OsRunnableBudget, and the timeout (or time budget).
[0133] Taking TaskA, which includes RE1, RE2, and RE3, as an example of implementing time protection specifically for RE2 within TaskA, the OS, based on TaskA's built-in OsRunnableBudget, adds a start function StartOsRunnableBudget before RE2 and a stop function StopOsRunnableBudget before RE2. Accordingly, a possible code description example is as follows:
[0134] Accordingly, the code execution logic can be understood with reference to the two possible implementations in S402, which will not be elaborated upon in this embodiment.
[0135] Based on the same concept, this application also provides a time protection device 100 for executing the method executed by the OS in the above method embodiments. Related features can be found in the above method embodiments, and will not be repeated here. As shown in FIG10, the time protection device includes a determination module 1001, a time protection module 1002, and a transceiver module 1003.
[0136] Module 1001 is used to determine the first virtual timer and the first duration;
[0137] The time protection module 1002 is used to perform time protection on the first code segment corresponding to the system task through the first virtual timer according to the first duration; wherein, the system task corresponds to multiple code segments, and the multiple code segments include the first code segment.
[0138] Optionally, the time protection device 100 described above can be used to execute the method executed by the OS in the embodiment shown in FIG. 4. In one possible design, the determining module 1001 can execute step S401 in the embodiment shown in FIG. 4. The time protection module 1002 can execute step S402 (including A1-A2 or B1-B2) in the embodiment shown in FIG. 4. In one possible design, the time protection device 100 further includes a transceiver module 1003, which is used to input the first duration to the hardware clock timer associated with the first virtual timer and to receive the first instruction output by the hardware clock timer; the determining module 1001 is also used to determine that the execution time of the first code segment exceeds the first duration when the transceiver module 1003 receives the first instruction output by the hardware clock timer. In one possible design, the determining module 1001 can also execute step S403 in the embodiment shown in FIG. 4. The time protection module 1002 can also execute step S404 in the embodiment shown in FIG. 4.
[0139] Optionally, the time protection device 100 described above can be used to execute the method performed by the OS in the embodiment shown in FIG. 7. In one possible design, the determining module 1001 can execute step S701 in the embodiment shown in FIG. 7. The time protection module 1002 can execute steps S702 and S703 in the embodiment shown in FIG. 7. In one possible design, the determining module 1001 can also execute step S403 in the embodiment shown in FIG. 4. The time protection module 1002 can also execute step S404 in the embodiment shown in FIG. 4.
[0140] In one possible design, the time protection device 100 further includes a transceiver module 1003. When the start execution times of the first code segment and the second code segment are the same, the transceiver module is further configured to: input the first duration to a hardware clock timer; wherein the hardware clock timer is associated with the first virtual timer and the second virtual timer, and the first duration is less than the third duration; upon receiving a first instruction output by the hardware clock timer, input the duration difference between the third duration and the first duration to the hardware clock timer; wherein the first instruction indicates that the execution time of the first code segment exceeds the first duration.
[0141] Optionally, the time protection device 100 described above can be used to execute the method performed by the OS in the embodiment shown in FIG8. In one possible design, the determining module 1001 can execute step S801 in the embodiment shown in FIG8. The time protection module 1002 can execute steps S802 and S803 in the embodiment shown in FIG8.
[0142] Optionally, the aforementioned time protection device 100 can be applied to the automotive open system architecture AUTOSAR.
[0143] Figure 11 is a schematic diagram of the structure of a computer device 1100 provided in an embodiment of this application. As shown in Figure 11, the computer device provided in this embodiment can be used to implement the time protection method described in the above method embodiments.
[0144] Computer device 1100 may include processor 1101 and memory 1102 storing computer program instructions.
[0145] Specifically, the processor 1101 may include a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits that can be configured to implement the embodiments of this application.
[0146] Memory 1102 may include mass storage for data or instructions. For example, and not limitingly, memory 1102 may include a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (USB) drive, or a combination of two or more of these. Where appropriate, memory 1102 may include removable or non-removable (or fixed) media. Where appropriate, memory 1102 may be internal or external to the integrated gateway disaster recovery device. In a particular embodiment, memory 1102 is non-volatile solid-state memory.
[0147] Memory may include read-only memory (ROM), random access memory (RAM), disk storage media devices, optical storage media devices, flash memory devices, and electrical, optical, or other physical / tangible memory storage devices. Therefore, typically, memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the methods according to this application.
[0148] The processor 1101 implements any of the time protection methods described in the above embodiments by reading and executing computer program instructions stored in the memory 1102.
[0149] In one example, the electronic device may also include a communication interface 1103 and a bus 1110. As shown in Figure 11, the processor 1101, memory 1102, and communication interface 1103 are connected via the bus 1110 and communicate with each other.
[0150] The communication interface 1103 is mainly used to realize communication between various modules, devices, units and / or equipment in the embodiments of this application.
[0151] Bus 1110 includes hardware, software, or both, that couples components of an electronic device together. For example, and not limitingly, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Extended Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an Infinite Bandwidth Interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VESA Local Bus, VLB) bus, or other suitable buses, or combinations of two or more of these. Where appropriate, bus 1110 may include one or more buses. Although specific buses are described and illustrated in embodiments of this application, this application contemplates any suitable bus or interconnect.
[0152] Furthermore, in conjunction with the above embodiments, this application embodiment can be implemented using a computer storage medium. This computer storage medium stores computer program instructions; when these computer program instructions are executed by a processor, they implement any of the signal processing methods described in the above embodiments.
[0153] The functional blocks shown in the above-described block diagram can be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, they can be, for example, electronic circuits, application-specific integrated circuits (ASICs), appropriate firmware, plug-ins, function cards, etc. When implemented in software, the elements of this application are programs or code segments used to perform the required tasks. Programs or code segments can be stored on a machine-readable medium or transmitted over a transmission medium or communication link via data signals carried on a carrier wave. "Machine-readable medium" can include any medium capable of storing or transmitting information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, compact disc read-only memory (CD-ROM), optical disks, hard disks, fiber optic media, radio frequency (RF) links, etc. Code segments can be downloaded via computer networks such as the Internet, intranets, etc.
[0154] In the above embodiments, implementation can be achieved entirely or partially through software, hardware, firmware, or any combination thereof. When implemented using software, it can be implemented entirely or partially in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of this application are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted through the computer-readable storage medium. The computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access or a data storage device such as a server or data center that integrates one or more available media. The available media may be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., digital video discs, DVDs), or semiconductor media (e.g., solid-state disks, SSDs), etc.
[0155] It should also be noted that the exemplary embodiments mentioned in this application describe methods or systems based on a series of steps or apparatus. However, this application is not limited to the order of the above steps; that is, the steps can be performed in the order mentioned in the embodiments, or in a different order, or several steps can be performed simultaneously.
[0156] The aspects of this application have been described above with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It should be understood that each block in the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine such that these instructions, executable via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions / actions specified in one or more blocks of the flowchart illustrations and / or block diagrams. Such a processor can be, but is not limited to, a general-purpose processor, a special-purpose processor, a special application processor, or a field-programmable logic circuit. It is also understood that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can also be implemented by dedicated hardware performing the specified functions or actions, or can be implemented by a combination of dedicated hardware and computer instructions.
[0157] Those skilled in the art will further recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
[0158] The above description is merely a preferred embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application.
Claims
1. A time protection method, characterized by, include: Determine the first virtual timer and the first duration; Based on the first duration, the first code segment corresponding to the system task is protected by the first virtual timer; wherein, the system task corresponds to multiple code segments, and the multiple code segments include the first code segment.
2. The method of claim 1, wherein, The step of protecting the first code segment corresponding to the system task through the first virtual timer according to the first duration includes: Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; The first code segment is executed, and execution of the first code segment is interrupted when the execution time of the first code segment exceeds the first duration.
3. The method of claim 2, wherein, After interrupting the execution of the first code segment, it also includes: The return value of the startup function is determined to correspond to the first status information of the first virtual timer, and the first status information indicates that the execution time of the first code segment has timed out.
4. The method of claim 2 or 3, wherein, Also includes: Input the first duration into the hardware clock timer associated with the first virtual timer; Upon receiving the first instruction output by the hardware clock timer, it is determined that the execution time of the first code segment exceeds the first duration.
5. The method of claim 1, wherein, The step of protecting the first code segment corresponding to the system task through the first virtual timer according to the first duration includes: Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; When the execution of the first code segment is less than the first duration, the stop function corresponding to the first virtual timer is called to stop the time protection of the first code segment.
6. The method according to any one of claims 2 to 5, wherein, When the startup function corresponding to the first virtual timer is called, the return value of the startup function corresponds to the second status information of the first virtual timer, and the second status information indicates that time protection for the first code segment is started.
7. The method according to any one of claims 1 to 6, wherein Also includes: Get the second duration; Based on the second duration, the second code segment corresponding to the system task is time-protected by the first virtual timer; wherein the execution of the second code segment is later than the execution of the first code segment.
8. The method of claim 7, wherein, The step of protecting the second code segment corresponding to the system task through the first virtual timer according to the second duration includes: Call the startup function corresponding to the first virtual timer to initiate time protection for the second code segment; Execute the second code segment, and interrupt the execution of the second code segment if the execution time of the second code segment exceeds the second duration; Alternatively, when the execution time of the second code segment is less than the second duration, the stop function corresponding to the first virtual timer is called to stop the time protection of the second code segment.
9. The method of any one of claims 1-3, wherein, Also includes: Determine the second virtual timer and the third duration; Based on the third duration, the third code segment corresponding to the system task is time-protected by the second virtual timer.
10. The method of claim 9, wherein, When the start execution times of the first code segment and the second code segment are the same, the method further includes: The first duration is input to the hardware clock timer; wherein the hardware clock timer is associated with the first virtual timer and the second virtual timer, and the first duration is less than the third duration; Upon receiving the first instruction output by the hardware clock timer, the third duration and the duration difference between the first duration are input to the hardware clock timer; wherein, the first instruction indicates that the execution time of the first code segment exceeds the first duration.
11. The method of claim 1, wherein, Also includes: Determine the configuration information for the third virtual timer and the fourth duration; Based on the fourth duration, the fourth code segment and the first code segment corresponding to the system task are protected by the third virtual timer; wherein the fourth duration is longer than the first duration.
12. The method of claim 11, wherein, The step of performing time protection on the fourth code segment and the first code segment corresponding to the system task through the third virtual timer according to the fourth duration includes: Call the startup function corresponding to the third virtual timer to initiate time protection for the fourth code segment and the first code segment; Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; Execute the first code segment, and interrupt the execution of the first code segment when the execution time of the first code segment exceeds the first duration; When the execution time of the fourth code segment is less than the duration difference between the fourth duration and the first duration, the stop function corresponding to the third virtual timer is called to stop the time protection of the fourth code segment.
13. The method of any one of claims 1-12, wherein, The method is applied to the AUTOSAR open system architecture for automobiles.
14. A time protection device, characterized by include: The determination module is used to determine the first virtual timer and the first duration; A time protection module is used to perform time protection on a first code segment corresponding to a system task using a first virtual timer based on the first duration; wherein, the system task corresponds to multiple code segments, and the multiple code segments include the first code segment.
15. The apparatus of claim 14, wherein, The time protection module is specifically used for: Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; The first code segment is executed, and execution of the first code segment is interrupted when the execution time of the first code segment exceeds the first duration.
16. The apparatus of claim 15, wherein, The determining module is further configured to: After the time protection module interrupts the execution of the first code segment, it is determined that the return value of the startup function corresponds to the first status information of the first virtual timer, and the first status information indicates that the execution time of the first code segment has timed out.
17. The apparatus of claim 15 or 16, wherein, It also includes a transceiver module; among which, The transceiver module is used to input the first duration to the hardware clock timer associated with the first virtual timer, and to receive the first instruction output by the hardware clock timer. The determining module is further configured to determine that the execution time of the first code segment exceeds the first duration.
18. The apparatus of claim 14, wherein, The time protection module is specifically used for: Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; When the execution of the first code segment is less than the first duration, the stop function corresponding to the first virtual timer is called to stop the time protection of the first code segment.
19. The apparatus of any one of claims 15-18, wherein, The determining module is further configured to: When the time protection module calls the start function corresponding to the first virtual timer, it determines that the return value of the start function corresponds to the second status information of the first virtual timer, and the second status information indicates that time protection for the first code segment is started.
20. The apparatus according to any one of claims 14-19, characterized in that, The determining module is also used to obtain a second duration; The time protection module is further configured to perform time protection on the second code segment corresponding to the system task through the first virtual timer according to the second duration; wherein the execution of the second code segment is later than the execution of the first code segment.
21. The apparatus of claim 20, wherein, The time protection module is specifically used for: Call the startup function corresponding to the first virtual timer to initiate time protection for the second code segment; Execute the second code segment, and interrupt the execution of the second code segment if the execution time of the second code segment exceeds the second duration; Alternatively, when the execution time of the second code segment is less than the second duration, the stop function corresponding to the first virtual timer is called to stop the time protection of the second code segment.
22. The apparatus according to any one of claims 14-17, characterized in that, The determining module is also used to determine the second virtual timer and the third duration; The time protection module is further configured to perform time protection on the third code segment corresponding to the system task through the second virtual timer according to the third duration.
23. The apparatus of claim 22, wherein, When the start execution times of the first code segment and the second code segment are the same, the transceiver module is further configured to: The first duration is input to the hardware clock timer; wherein the hardware clock timer is associated with the first virtual timer and the second virtual timer, and the first duration is less than the third duration; Upon receiving the first instruction output by the hardware clock timer, the third duration and the duration difference between the first duration are input to the hardware clock timer; wherein, the first instruction indicates that the execution time of the first code segment exceeds the first duration.
24. The apparatus as claimed in claim 14, characterized in that, The determining module is also used to determine the configuration information of the third virtual timer and the fourth duration; The time protection module is further configured to perform time protection on the fourth code segment and the first code segment corresponding to the system task through the third virtual timer according to the fourth duration; wherein the fourth duration is longer than the first duration.
25. The apparatus of claim 24, wherein, The time protection module is specifically used for: Call the startup function corresponding to the third virtual timer to initiate time protection for the fourth code segment and the first code segment; Call the startup function corresponding to the first virtual timer to initiate time protection for the first code segment; Execute the first code segment, and interrupt the execution of the first code segment when the execution time of the first code segment exceeds the first duration; When the execution time of the fourth code segment is less than the duration difference between the fourth duration and the first duration, the stop function corresponding to the third virtual timer is called to stop the time protection of the fourth code segment.
26. The apparatus of any one of claims 14-25, wherein, The device is applied to the AUTOSAR open system architecture for automobiles.
27. A computer device, comprising: It includes a processor and a memory, wherein the memory stores executable code, and when the processor executes the executable code, it implements the method of any one of claims 1-13.
28. A computer storage medium, comprising, The computer storage medium stores a program or instructions, which, when executed by a processor, implement the method of any one of claims 1-13.
29. A vehicle characterized by The vehicle includes the device as described in any one of claims 14-26.